Thread: BUG #3866: Segfault during table update when using convert_from()

BUG #3866: Segfault during table update when using convert_from()

From

"Andrew Gilligan"

Date:

09 January 2008, 18:57:00

The following bug has been logged online:

Bug reference:      3866
Logged by:          Andrew Gilligan
Email address:      andy@tcpd.net
PostgreSQL version: 8.3RC1
Operating system:   FreeBSD 4.11
Description:        Segfault during table update when using convert_from()
Details:

Greetings,

It seems there exists a bug in the way character set conversion
is handled in some circumstances.

Running the test below results in the server (8.3RC1) segfaulting
every time.  I haven't fully explored the extent, but it exists
with (at least) LATIN2 and LATIN9 conversion.

The database and client encoding are both UTF8.

Best regards,
-Andy

-- test case --
test=# CREATE TABLE t (id int, geo text);
CREATE TABLE
test=# INSERT INTO t (id, geo) VALUES (1,
convert_from(decode('50696f74726bf3772c20506f6c616e64','hex'), 'LATIN9'));
INSERT 0 1
test=# UPDATE t SET geo =
convert_from(decode('50696f74726bf3772c20506f6c616e64','hex'), 'LATIN9');
UPDATE 1
-- more than 1 row is needed to trigger the error
test=# INSERT INTO t (id, geo) VALUES (2,
convert_from(decode('50696f74726bf3772c20506f6c616e64','hex'), 'LATIN9'));
INSERT 0 1
test=# UPDATE t SET geo =
convert_from(decode('50696f74726bf3772c20506f6c616e64','hex'), 'LATIN9');
server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!>

Re: BUG #3866: Segfault during table update when using convert_from()

From

"Pavel Stehule"

Date:

09 January 2008, 19:44:16

T24gMDkvMDEvMjAwOCwgQW5kcmV3IEdpbGxpZ2FuIDxhbmR5QHRjcGQubmV0
PiB3cm90ZToKPgo+IFRoZSBmb2xsb3dpbmcgYnVnIGhhcyBiZWVuIGxvZ2dl
ZCBvbmxpbmU6Cj4KPiBCdWcgcmVmZXJlbmNlOiAgICAgIDM4NjYKPiBMb2dn
ZWQgYnk6ICAgICAgICAgIEFuZHJldyBHaWxsaWdhbgo+IEVtYWlsIGFkZHJl
c3M6ICAgICAgYW5keUB0Y3BkLm5ldAo+IFBvc3RncmVTUUwgdmVyc2lvbjog
OC4zUkMxCj4gT3BlcmF0aW5nIHN5c3RlbTogICBGcmVlQlNEIDQuMTEKPiBE
ZXNjcmlwdGlvbjogICAgICAgIFNlZ2ZhdWx0IGR1cmluZyB0YWJsZSB1cGRh
dGUgd2hlbiB1c2luZyBjb252ZXJ0X2Zyb20oKQo+IERldGFpbHM6Cj4KPiBH
cmVldGluZ3MsCj4KPiBJdCBzZWVtcyB0aGVyZSBleGlzdHMgYSBidWcgaW4g
dGhlIHdheSBjaGFyYWN0ZXIgc2V0IGNvbnZlcnNpb24KPiBpcyBoYW5kbGVk
IGluIHNvbWUgY2lyY3Vtc3RhbmNlcy4KPgo+IFJ1bm5pbmcgdGhlIHRlc3Qg
YmVsb3cgcmVzdWx0cyBpbiB0aGUgc2VydmVyICg4LjNSQzEpIHNlZ2ZhdWx0
aW5nCj4gZXZlcnkgdGltZS4gIEkgaGF2ZW4ndCBmdWxseSBleHBsb3JlZCB0
aGUgZXh0ZW50LCBidXQgaXQgZXhpc3RzCj4gd2l0aCAoYXQgbGVhc3QpIExB
VElOMiBhbmQgTEFUSU45IGNvbnZlcnNpb24uCj4KPiBUaGUgZGF0YWJhc2Ug
YW5kIGNsaWVudCBlbmNvZGluZyBhcmUgYm90aCBVVEY4Lgo+Cj4gQmVzdCBy
ZWdhcmRzLAo+IC1BbmR5Cj4KPiAtLSB0ZXN0IGNhc2UgLS0KPiB0ZXN0PSMg
Q1JFQVRFIFRBQkxFIHQgKGlkIGludCwgZ2VvIHRleHQpOwo+IENSRUFURSBU
QUJMRQo+IHRlc3Q9IyBJTlNFUlQgSU5UTyB0IChpZCwgZ2VvKSBWQUxVRVMg
KDEsCj4gY29udmVydF9mcm9tKGRlY29kZSgnNTA2OTZmNzQ3MjZiZjM3NzJj
MjA1MDZmNmM2MTZlNjQnLCdoZXgnKSwgJ0xBVElOOScpKTsKPiBJTlNFUlQg
MCAxCj4gdGVzdD0jIFVQREFURSB0IFNFVCBnZW8gPQo+IGNvbnZlcnRfZnJv
bShkZWNvZGUoJzUwNjk2Zjc0NzI2YmYzNzcyYzIwNTA2ZjZjNjE2ZTY0Jywn
aGV4JyksICdMQVRJTjknKTsKPiBVUERBVEUgMQo+IC0tIG1vcmUgdGhhbiAx
IHJvdyBpcyBuZWVkZWQgdG8gdHJpZ2dlciB0aGUgZXJyb3IKPiB0ZXN0PSMg
SU5TRVJUIElOVE8gdCAoaWQsIGdlbykgVkFMVUVTICgyLAo+IGNvbnZlcnRf
ZnJvbShkZWNvZGUoJzUwNjk2Zjc0NzI2YmYzNzcyYzIwNTA2ZjZjNjE2ZTY0
JywnaGV4JyksICdMQVRJTjknKSk7Cj4gSU5TRVJUIDAgMQo+IHRlc3Q9IyBV
UERBVEUgdCBTRVQgZ2VvID0KPiBjb252ZXJ0X2Zyb20oZGVjb2RlKCc1MDY5
NmY3NDcyNmJmMzc3MmMyMDUwNmY2YzYxNmU2NCcsJ2hleCcpLCAnTEFUSU45
Jyk7Cj4gc2VydmVyIGNsb3NlZCB0aGUgY29ubmVjdGlvbiB1bmV4cGVjdGVk
bHkKPiAgICAgICAgIFRoaXMgcHJvYmFibHkgbWVhbnMgdGhlIHNlcnZlciB0
ZXJtaW5hdGVkIGFibm9ybWFsbHkKPiAgICAgICAgIGJlZm9yZSBvciB3aGls
ZSBwcm9jZXNzaW5nIHRoZSByZXF1ZXN0Lgo+IFRoZSBjb25uZWN0aW9uIHRv
IHRoZSBzZXJ2ZXIgd2FzIGxvc3QuIEF0dGVtcHRpbmcgcmVzZXQ6IEZhaWxl
ZC4KPiAhPgoKSSB0ZXN0ZWQgaXQgd2l0aG91dCBkZWJ1ZyBmbGFncyBhbmQg
c2VydmVyIGZhdWx0cy4KCndpdGggLS1lbmFibGUtZGVidWcgYW5kIC0tZW5h
YmxlLWNhc3NlcnQgSSBnb3QKY29udmVydF9mcm9tKGRlY29kZSgnNTA2OTZm
NzQ3MjZiZjM3NzJjMjA1MDZmNmM2MTZlNjQnLCdoZXgnKSwgJ0xBVElOOScp
OwpFUlJPUjogIDQyNjIyOiBlbmNvZGluZyBuYW1lIHRvbyBsb25nCkxPQ0FU
SU9OOiAgcGdfY2hhcl90b19lbmNuYW1lX3N0cnVjdCwgZW5jbmFtZXMuYzo1
MTUKCnBvc3RncmVzPSMgSU5TRVJUIElOVE8gdCAoaWQsIGdlbykgVkFMVUVT
ICgyLApjb252ZXJ0X2Zyb20oZGVjb2RlKCc1MDY5NmY3NDcyNmJmMzc3MmMy
MDUwNmY2YzYxNmU2NCcsJ2hleCcpLCAnTEFUSU45JykpOwpJTlNFUlQgMCAx
CnBvc3RncmVzPSMgVVBEQVRFIHQgU0VUIGdlbyA9CmNvbnZlcnRfZnJvbShk
ZWNvZGUoJzUwNjk2Zjc0NzI2YmYzNzcyYzIwNTA2ZjZjNjE2ZTY0JywnaGV4
JyksICdMQVRJTjInKTsKRVJST1I6ICA0MjYyMjogZW5jb2RpbmcgbmFtZSB0
b28gbG9uZwpMT0NBVElPTjogIHBnX2NoYXJfdG9fZW5jbmFtZV9zdHJ1Y3Qs
IGVuY25hbWVzLmM6NTE1CnBvc3RncmVzPSMKCnRoaXMgcHJvYmxlbSBpcyBv
bmx5IGluIFVQREFURSBzdGF0ZW1lbnQKCnBnX2NoYXJfdG9fZW5jbmFtZV9z
dHJ1Y3QgaXMgY2FsbGVkIDMgdGltZXMsIDJ0aW1lcyB3aXRoIGNvcnJlY3Qg
bmFtZQphbmQgbGFzdCB0aW1lIHdpdGggZ2FyYmFnZQoKQnJlYWtwb2ludCAx
LCBwZ19jaGFyX3RvX2VuY25hbWVfc3RydWN0ICgKICAgIG5hbWU9MHg4YmIz
NTEwICdcMTc3JyA8cmVwZWF0cyA2NCB0aW1lcz4sICLvv73vv73vv71cYiAi
KSBhdCBlbmNuYW1lcy5jOjQ5Ngo0OTYgICAgICAgICAgICAgdW5zaWduZWQg
aW50IG5lbCA9IHBnX2VuY25hbWVfdGJsX3N6OwooZ2RiKSBidAojMCAgcGdf
Y2hhcl90b19lbmNuYW1lX3N0cnVjdCAoCiAgICBuYW1lPTB4OGJiMzUxMCAn
XDE3NycgPHJlcGVhdHMgNjQgdGltZXM+LCAi77+977+977+9XGIgIikgYXQg
ZW5jbmFtZXMuYzo0OTYKIzEgIDB4MDgyZTI0ZGMgaW4gcGdfY2hhcl90b19l
bmNvZGluZyAoCiAgICBuYW1lPTB4OGJiMzUxMCAnXDE3NycgPHJlcGVhdHMg
NjQgdGltZXM+LCAi77+977+977+9XGIgIikgYXQgZW5jbmFtZXMuYzo1NTAK
IzIgIDB4MDgyZTNlZDggaW4gcGdfY29udmVydCAoZmNpbmZvPTB4YmZhMjM3
ZGMpIGF0IG1idXRpbHMuYzozNjIKIzMgIDB4MDgyZDk0OWUgaW4gRGlyZWN0
RnVuY3Rpb25DYWxsMyAoZnVuYz0weDgyZTNlYjAgPHBnX2NvbnZlcnQ+LAog
ICAgYXJnMT0xNDY0ODczNTYsIGFyZzI9MTQ2NDg2NTQ0LCBhcmczPTE0NjU5
Nzg4NCkgYXQgZm1nci5jOjEwMzAKIzQgIDB4MDgyZTNjMjQgaW4gcGdfY29u
dmVydF9mcm9tIChmY2luZm89MHhiZmEyM2EzOCkgYXQgbWJ1dGlscy5jOjMz
NgojNSAgMHgwODE4YzU2MyBpbiBFeGVjTWFrZUZ1bmN0aW9uUmVzdWx0Tm9T
ZXRzIChmY2FjaGU9MHg4YmNjYzY0LAogICAgZWNvbnRleHQ9MHg4YmNjYjY0
LCBpc051bGw9MHg4YmNkN2E5ICIiLCBpc0RvbmU9MHg4YmNkODBjKQogICAg
YXQgZXhlY1F1YWwuYzoxNDEyCiM2ICAweDA4MTg3NWQyIGluIEV4ZWNQcm9q
ZWN0IChwcm9qSW5mbz0weDhiY2Q3YmMsIGlzRG9uZT0weGJmYTIzY2U4KQog
ICAgYXQgZXhlY1F1YWwuYzo0NjAxCiM3ICAweDA4MThlMTNiIGluIEV4ZWNT
Y2FuIChub2RlPTB4OGJjY2FkOCwgYWNjZXNzTXRkPTB4ODE5YTgxMCA8U2Vx
TmV4dD4pCiAgICBhdCBleGVjU2Nhbi5jOjE0MwojOCAgMHgwODE5YTgwOSBp
biBFeGVjU2VxU2NhbiAobm9kZT0weDhiY2NhZDgpIGF0IG5vZGVTZXFzY2Fu
LmM6MTMwCiM5ICAweDA4MTg2ZWFkIGluIEV4ZWNQcm9jTm9kZSAobm9kZT0w
eDhiY2NhZDgpIGF0IGV4ZWNQcm9jbm9kZS5jOjMzNAojMTAgMHgwODE4NjEw
YiBpbiBFeGVjdXRvclJ1biAocXVlcnlEZXNjPTB4OGJjOTlmNCwKICAgIGRp
cmVjdGlvbj1Gb3J3YXJkU2NhbkRpcmVjdGlvbiwgY291bnQ9MCkgYXQgZXhl
Y01haW4uYzoxMjMzCiMxMSAweDA4MjJkODI0IGluIFByb2Nlc3NRdWVyeSAo
cGxhbj0weDhiYjNmYzgsIHBhcmFtcz08dmFsdWUgb3B0aW1pemVkIG91dD4s
CiAgICBkZXN0PTB4OGJiNDA0NCwgY29tcGxldGlvblRhZz0weGJmYTIzZjdh
ICIiKSBhdCBwcXVlcnkuYzoxNzkKIzEyIDB4MDgyMmRhZTggaW4gUG9ydGFs
UnVuTXVsdGkgKHBvcnRhbD0weDhiYmQyMmMsCiAgICBpc1RvcExldmVsPTx2
YWx1ZSBvcHRpbWl6ZWQgb3V0PiwgZGVzdD0weDhiYjQwNDQsIGFsdGRlc3Q9
MHg4YmI0MDQ0LAotLS1UeXBlIDxyZXR1cm4+IHRvIGNvbnRpbnVlLCBvciBx
IDxyZXR1cm4+IHRvIHF1aXQtLS0KICAgIGNvbXBsZXRpb25UYWc9MHhiZmEy
M2Y3YSAiIikgYXQgcHF1ZXJ5LmM6MTI0MgojMTMgMHgwODIyZTJhNCBpbiBQ
b3J0YWxSdW4gKHBvcnRhbD0weDhiYmQyMmMsIGNvdW50PTIxNDc0ODM2NDcs
CiAgICBpc1RvcExldmVsPTEgJ1wwMDEnLCBkZXN0PTB4OGJiNDA0NCwgYWx0
ZGVzdD0weDhiYjQwNDQsCiAgICBjb21wbGV0aW9uVGFnPTB4YmZhMjNmN2Eg
IiIpIGF0IHBxdWVyeS5jOjgxMwojMTQgMHgwODIyOTM2MyBpbiBleGVjX3Np
bXBsZV9xdWVyeSAoCiAgICBxdWVyeV9zdHJpbmc9MHg4YmIyNDVjICJVUERB
VEUgdCBTRVQgZ2VvCj1cbmNvbnZlcnRfZnJvbShkZWNvZGUoJzUwNjk2Zjc0
NzI2YmYzNzcyYzIwNTA2ZjZjNjE2ZTY0JywnaGV4JyksCidMQVRJTjInKTsi
KSBhdCBwb3N0Z3Jlcy5jOjk2MwojMTUgMHgwODIyYWUyMSBpbiBQb3N0Z3Jl
c01haW4gKGFyZ2M9NCwgYXJndj08dmFsdWUgb3B0aW1pemVkIG91dD4sCiAg
ICB1c2VybmFtZT0weDhiMzE1NjQgInBhdmVsIikgYXQgcG9zdGdyZXMuYzoz
NTM1CiMxNiAweDA4MWY2Y2E4IGluIFNlcnZlckxvb3AgKCkgYXQgcG9zdG1h
c3Rlci5jOjMxODAKIzE3IDB4MDgxZjc5OTYgaW4gUG9zdG1hc3Rlck1haW4g
KGFyZ2M9MywgYXJndj0weDhiMmU1MjgpIGF0IHBvc3RtYXN0ZXIuYzoxMDI4
CiMxOCAweDA4MWE5OWUwIGluIG1haW4gKGFyZ2M9MywgYXJndj1DYW5ub3Qg
YWNjZXNzIG1lbW9yeSBhdCBhZGRyZXNzIDB4NAopIGF0IG1haW4uYzoxODgK
CnJlZ2FyZHMKUGF2ZWwgU3RlaHVsZQo=

Re: BUG #3866: Segfault during table update when using convert_from()

From

Tom Lane

Date:

09 January 2008, 19:45:21

"Andrew Gilligan" <andy@tcpd.net> writes:
> It seems there exists a bug in the way character set conversion
> is handled in some circumstances.

Seems to be the bogus pfree() in pg_convert_from() that's causing
the problem :-(.  Take that out and you should be OK.

Thanks for the report!

            regards, tom lane

Re: BUG #3866: Segfault during table update when using convert_from()

From

Andrew Gilligan

Date:

09 January 2008, 20:18:55

On 9 Jan 2008, at 23:45, Tom Lane wrote:

> "Andrew Gilligan" <andy@tcpd.net> writes:
>> It seems there exists a bug in the way character set conversion
>> is handled in some circumstances.
>
> Seems to be the bogus pfree() in pg_convert_from() that's causing
> the problem :-(.  Take that out and you should be OK.

That's exactly it, thanks...  Everything seems fine now.

The fix is trivial, so not sure if a patch is even warranted, but
I've attached the changes just in case.

Best regards,
-Andy

Attachment

mbutils.diff